May: The True Cybersecurity Month
An Active Month on the IT Security Front
Two years ago this Sunday, May 29, 2009, President Obama unveiled his cyberspace policy review that outlined his administration's approach to cybersecurity (see The President's 10-Point Cybersecurity Action Plan). Earlier this May, the Obama administration introduced its cybersecurity legislative package (see White House Unveils Cybersecurity Legislative Agenda) and its international cybersecurity policy (see Seeking Secure, Reliable Internet to Support Trade, Free Expression).
The dreams of a safer cyberworld the president articulated in May 2009 are closer to becoming reality because of the actions taken in May 2011. The administration's reluctance, until now, to endorse major IT security legislation is a major reason Congress has failed to enact a significant cybersecurity reform law in the past two years (see Administration Declines to Back Cybersecurity Bill).
Still, even with the White House shifting into first gear on cybersecurity legislation, there's no guarantee that a cybersecurity law will speedily be enacted. Some lawmakers have expressed reservations about a few provisions in the Obama legislative proposals that could doom cybersecurity legislation. At a hearing on the Obama cybersecurity bills, Senate Homeland Security and Governmental Affairs Committee Chairman Joseph Lieberman, ID-Conn., griped that the White House didn't go far enough to provide liability protection for businesses that take steps to secure their IT systems. "Failure to do something on liability could prevent passage," Lieberman warned (see Obama Cybersecurity Package Praised, Criticized).
Another complaint heard in the Capitol is that the Obama plan does not place limits on presidential authority over the Internet, instead relying on existing laws such as the Communications Act of 1934, which gives the president authority to seize control of radio stations and equipment in a national emergency. "We should think ahead of what authorities the president should have and not be ambiguous or rely on law of take over radio stations," said Sen. Susan Collins of Maine, the committee's ranking Republican, who is a cosponsor of a cybersecurity bill with Lieberman and Sen. Thomas Carper, D-Del., that specifies limits on presidential authority over the Internet (see Senate Bill Eyes Cybersecurity Reform).
Despite some harping about the Obama package, administration officials appearing before the Lieberman committee emphasized their willingness to compromise. "This is a critical area where different people have different ideas on how government should be empowered," Homeland Security Deputy Undersecretary Philip Reitinger said, quickly adding that this is a point of negotiation.
True, getting a bill to President Obama's desk won't be easy, but the mere fact that the White House presented a comprehensive legislative package, and said it's willing to compromise, suggests that changes to how our government governs IT security may occur well before next May, perhaps by October, Cybersecurity Awareness Month.